National Gun Forum banner

21 - 27 of 27 Posts

·
Ancient Gaseous Emanation
Joined
·
53,706 Posts
Basically what happened is VerticalScope allowed hackers to break in and steal user/password info.

It's like a Valet key box. They allowed someone to break in and steal all the keys. They also put too many keys in one box so when you broke into that one you had a ton of keys. Then they asked us to change our locks. A simple lock change would suffice but they went overboard and told us to change to a $500 Medeco instead of a $20 Schlage. Then they want us to change our locks every year. All of this is to protect a 1979 Yugo.
From the article.

"Experts at LeakedSource, a breach notification website, believe that VerticalScope, which owns sites like VWVortex and TTAC, may have stored too much data in one or several connected servers. The volume of data cracking one server may have given hackers access to several others, as they say, “there is no other way to explain a theft on such a large scale.”

Furthermore, a database sample given to ZDNet shows passwords that were hashed and salted with MD5, an obsolete method that is now too easy to decipher. In addition to passwords, email addresses, the site visited and a user’s IP information (which can be sometimes be used to determine location) are all listed in conjunction with the usernames that were compromised.

Lack of HTTPS encryption and the use of vulnerable older versions of the vBulletin forum software were other weaknesses in VerticalScope sites noted by ZDNet. So far, they note, the data has not appeared for sale on the dark web."


In English: VS bought a bunch of sites that were using obsolete security features and old software which had not been updated. These sites were hacked. Everything else is "we believe", "maybe", "possibly", "we see no other way". That's nothing more than supposition and educated guesses.



When VS discovered the problem they told us and demanded we take corrective measures. These initial corrective measures may be overreaction, they may not be. They also admitted these actions may be overly extreme and, if so, will be modified in the future.


I suggest waiting until the initial panic subsides before pointing fingers and laying blame. Let's see how they go about solving the problems.

Until then, change your password.
 

·
Registered
Joined
·
10,064 Posts

·
.
Joined
·
5,082 Posts
I never weighed in on this cause not much you can do about it cept change your password. There's always hacking going on and will be. But make no mistake, when an event as large as can happen happen such as this case goes down, is known as enterprise level...common among the large volumetric systems....whether one large original data set or, of an ongoing inclusive growing base, such as organizations that constantly grow such as "buying paper or accounts" of others. Such large breaches of partially joined yet united bases breaches can most always be traced to one failure, the loss of or breach of security at the admin level.
 
21 - 27 of 27 Posts
Top